diff options
| author | Joey Hess <joeyh@joeyh.name> | 2016-08-11 15:52:50 -0400 |
|---|---|---|
| committer | Joey Hess <joeyh@joeyh.name> | 2016-08-11 15:52:50 -0400 |
| commit | 5decbad3eb779b1bbe11245cbde84701909e9c68 (patch) | |
| tree | 79e28c04d76ee8e225ee344b9d8c07a922728002 /ExpensiveHash.hs | |
| parent | 90b7c385f4e2f293502f9aca38aaa041b7b2f486 (diff) | |
| download | keysafe-5decbad3eb779b1bbe11245cbde84701909e9c68.tar.gz | |
nearly able to generate shards now
Diffstat (limited to 'ExpensiveHash.hs')
| -rw-r--r-- | ExpensiveHash.hs | 32 |
1 files changed, 22 insertions, 10 deletions
diff --git a/ExpensiveHash.hs b/ExpensiveHash.hs index e089957..48acba2 100644 --- a/ExpensiveHash.hs +++ b/ExpensiveHash.hs @@ -3,38 +3,50 @@ module ExpensiveHash where import Types -import Versions +import Tunables import Cost import Serialization () +import qualified Data.Text as T import qualified Data.ByteString as B -import Raaz.Core.Encode import qualified Crypto.Argon2 as Argon2 +import Raaz.Core.Encode import Data.Time.Clock import Control.DeepSeq +import Data.Monoid -- | A hash that is expensive to calculate. -- -- This is a lynchpin of keysafe's security, because using this hash -- as an encryption key forces brute force attackers to generate -- hashes over and over again, taking a very long time. -data ExpensiveHash = ExpensiveHash (Cost CreationOp) B.ByteString +data ExpensiveHash = ExpensiveHash (Cost CreationOp) T.Text deriving (Show) data Salt t = Salt t -expensiveHash :: Encodable t => Tunables -> Salt t -> Password -> ExpensiveHash -expensiveHash tunables (Salt s) (Password password) = +-- | Would rather use haskell argon2 library, but it doesn't build +-- from source, and is buggy. https://github.com/ocharles/argon2/issues/3 +expensiveHash :: Encodable t => Tunables -> Salt t -> B.ByteString -> ExpensiveHash +expensiveHash tunables (Salt s) b = case expensiveHashTunable tunables of UseArgon2 opts cost -> ExpensiveHash cost $ - Argon2.hash opts password (toByteString s) + -- Using hashEncoded here and not hash, + -- because of this bug: + -- https://github.com/ocharles/argon2/issues/3 + Argon2.hashEncoded opts b argonsalt + where + -- argon salt cannot be shorter than 8 bytes, so pad with spaces. + argonsalt = + let sb = toByteString s + in sb <> B.replicate (8 - B.length sb ) 32 benchmarkExpensiveHash :: Tunables -> IO (Benchmark (Cost CreationOp)) benchmarkExpensiveHash tunables = do start <- getCurrentTime - let ExpensiveHash expected b = expensiveHash tunables - (Salt (KeyIdent gpgKey (Name ("benchmark" :: B.ByteString)))) - (Password ("himom" :: B.ByteString)) - end <- b `deepseq` getCurrentTime + let ExpensiveHash expected t = expensiveHash tunables + (Salt (KeyId gpgKey ("benchmark" :: B.ByteString))) + ("himom" :: B.ByteString) + end <- t `deepseq` getCurrentTime let diff = floor $ end `diffUTCTime` start let actual = CPUCost $ Seconds diff return $ Benchmark |